Linux 6.6 Will Make It Easy To Disable IO_uring System-Wide
While IO_uring has been one of the most interesting kernel innovations of recent years and can allow for great speed-ups to async I/O, there have been some security concerns. With the Linux 6.6 kernel it will be easier for Linux administrators to disable it system-wide if so desired.
IO_uring has yielded some security concerns and vulnerabilities, particularly for those sticking to older versions of the Linux kernel. There have also been IO_uring integration issues with the Linux security subsystem. Most notable was Google last month noting how IO_uring has yielded ~60% of the submissions to Google's Vulnerability Rewards Program. Google has paid out around one million dollars worth of rewards around IO_uring vulnerabilities. This has led Google to restrict or even block IO_uring access on their servers, Android, and Chrome OS platforms.
With a patch submitted by Google engineer Matteo Rizzo, the upstream Linux 6.6 kernel is set to add a new sysctl interface for disabling IO_uring system-wide. The new io_uring_disabled sysctl knob, if set to a value of one, will block all processes from calling IO_uring's setup function except for those privileged users with the system administrator capability (CAP_SYS_ADMIN). If io_uring_disabled is set to a value of 2, it will block all processes regardless of privilege level.
By default all processes will still be able to create IO_uring instances, but those wanting to limit or completely disable IO_uring access will now have this easy sysctl tunable rather than resorting to building their own kernel or similar modifications.
The patch was picked up this week by linux-block's for-next branch as part of the for-6.6/io_uring material, making it part of the changes to be sent in at the end of summer for the Linux 6.6 cycle.
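For administrators who want to verify the setting on a fleet, here is an added example (not code from the article or from the kernel patch) that audits the knob against a required level and handles kernels that lack it. It assumes the knob is exposed at /proc/sys/kernel/io_uring_disabled; the sysctl.d file name is hypothetical.

```shell
#!/bin/sh
# Added example: audit the io_uring_disabled sysctl against a required level.
# Assumption: the knob is exposed at /proc/sys/kernel/io_uring_disabled.
IOURING_KNOB="${IOURING_KNOB:-/proc/sys/kernel/io_uring_disabled}"

# Describe what a knob value means, using the semantics given in the article.
describe_level() {
    case "$1" in
        0) echo "all processes may create io_uring instances (default)" ;;
        1) echo "setup blocked except for processes with CAP_SYS_ADMIN" ;;
        2) echo "setup blocked for all processes" ;;
        *) return 1 ;;
    esac
}

# audit_io_uring REQUIRED_LEVEL [KNOB_PATH]
# Returns 0 = compliant, 1 = weaker than required,
#         2 = knob absent (kernel without this sysctl), 3 = bad input/value.
audit_io_uring() {
    required="$1"
    knob="${2:-$IOURING_KNOB}"
    case "$required" in
        0|1|2) ;;
        *) echo "required level must be 0, 1 or 2" >&2; return 3 ;;
    esac
    if [ ! -r "$knob" ]; then
        echo "UNSUPPORTED: $knob is missing; no sysctl switch on this kernel"
        return 2
    fi
    current=$(tr -d '[:space:]' < "$knob")
    if ! desc=$(describe_level "$current"); then
        echo "ERROR: unexpected value '$current' in $knob"
        return 3
    fi
    if [ "$current" -ge "$required" ]; then
        echo "OK: io_uring_disabled=$current ($desc)"
        return 0
    fi
    echo "FAIL: io_uring_disabled=$current ($desc), policy requires >= $required"
    echo "  apply now: sysctl -w kernel.io_uring_disabled=$required"
    # 99-io_uring.conf is a hypothetical file name chosen for this example.
    echo "  persist:   kernel.io_uring_disabled = $required in /etc/sysctl.d/99-io_uring.conf"
    return 1
}

# Run the audit only when a required level is passed on the command line.
if [ "$#" -gt 0 ]; then
    audit_io_uring "$1"
fi
```

Run it with the required level as the only argument, for example 2 on hosts where no workload needs IO_uring; the distinct exit codes let a configuration-management job tell "too permissive" apart from "kernel has no such knob".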